Encrypt your DNS. Use only DNSSEC servers. TLS 1.3, Secure SNI. Use a VPN with double hop proxy.
The issue is that not all servers support TLS 1.3 and Secure SNI, so you are at the mercy of that particular server. Truth be known, there are probably zero ways to be totally secure, private, and anonymous, but that shouldn’t deter you from locking down what you can. However, if your threat model is hiding from a government, then unplugging is probably your best bet.
People I talk to about security, anonymity, and privacy always ask me ‘Are you hiding from the government?’ which is rather hilarious to me. I send them tax forms every year. I vote once every four years and in local elections. We are in touch. If I were a person of interest, they’d come visit. However, there is absolutely no requirement to overshare… with anyone.
That’s why you should use a VPN or anonymizing traffic mixers.
https://www.cloudflare.com/ssl/encrypted-sni
Please beware that DNS over TLS is transport protection; the DNS server itself of course still sees and knows everything.
I use my own DNS.
That’s great.